‘Interpark hack was spearphishing scam’

By KH디지털2
  • Published : Aug 31, 2016 - 17:45
  • Updated : Oct 26, 2016 - 23:32

[THE INVESTOR] A strategy known as spearsphishing was used in the hacking incident that leaked the personal information of over 10 million consumers registered with e-commerce site Interpark, according to the ICT Ministry and the Korea Communications Commission on Wednesday.

According to the two agencies, the Interpark hack leaked over 26.6 million pieces of personal information. The hacker used a spearphishing scam, which targeted one specific employee to spread malware throughout Interpark’s network servers and leak its members’ personal information.

The hackers were found to have determined the normal email patterns of the targeted employee to create a convincing hack email. Once the employee opened the attached malware, it spread rapidly throughout Interpark’s networked computers.

The leaked information included IDs, passwords, cell phone numbers and addresses.

On Wednesday, the KCC also released a manual for companies to help minimize the effects of future information leaks. One of the major pillars of the proposed system was alerting consumers and relevant authorities about the leak.

In the case of Interpark, authorities concluded that its response had been less effective because Interpark had waited roughly two months before alerting the public about the incident. Although Interpark’s system was first hacked in May, the incident was only made public in July.

By Won Ho-jung/The Korea Hearld (hjwon@heraldcorp.com)